Vulnerabilities > IBM > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-01-31 | CVE-2019-4720 | Allocation of Resources Without Limits or Throttling vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. | 7.5 |
2020-01-28 | CVE-2019-4707 | XXE vulnerability in IBM Security Access Manager 9.0.7.0 | IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2020-01-28 | CVE-2019-4639 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Secret Server 10.6/10.7 | IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2020-01-28 | CVE-2019-4620 | Improper Input Validation vulnerability in IBM MQ Appliance | IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. | 7.8 |
2020-01-10 | CVE-2019-4508 | Insufficiently Protected Credentials vulnerability in IBM QRadar Security Information and Event Manager 7.3.0/7.3.1/7.3.2 | IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. | 7.8 |
2019-12-20 | CVE-2018-1934 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Business Intelligence 10.2.2 | IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2019-12-18 | CVE-2019-4609 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect 2018.4.1.7 | IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2019-12-12 | CVE-2019-4606 | Untrusted Search Path vulnerability in IBM DB2 High Performance Unload Load | IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. | 7.8 |
2019-12-11 | CVE-2019-4715 | OS Command Injection vulnerability in IBM Spectrum Scale | IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
2019-12-09 | CVE-2019-4612 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0 | IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. | 8.8 |